Google affiliate offers tools to safeguard elections from hacks
Posted on March 21, 2017 by Anick Jesdanun
In this Monday, Feb. 1, 2016, file photo, electronic screens post prices of Alphabet stock at the Nasdaq MarketSite in New York. An organization affiliated with Google is offering tools for news organizations and other election-related sites to protect themselves from hacking. Jigsaw, a research arm of Google parent company Alphabet Inc., says that free and fair elections depend on access to information, and to ensure such access, news, human rights and election-monitoring sites need to be protected from cyberattacks. (AP Photo/Mark Lennihan, File)
NEW YORK (AP) — An organization affiliated with Google is offering tools that news organizations and election-related sites can use to protect themselves from hacking.
Jigsaw, a research arm of Google parent company Alphabet Inc., says that free and fair elections depend on access to information. To ensure such access, Jigsaw says, sites for news, human rights and election monitoring need to be protected from cyberattacks.
Jigsaw’s suite of tools, called Protect Your Election, is mostly a repackaging of existing tools:
- Project Shield will help websites guard against denial-of-service attacks, in which hackers flood sites with so much traffic that legitimate visitors can’t get through. Users of Project Shield will be tapping technology and servers that Google already uses to protect its own sites from such attacks.
- Password Alert is software that people can add to Chrome browsers to warn them when they try to enter their Google password on another site, often a sign of a phishing attempt.
- 2-Step Verification helps beef up security beyond passwords by requiring a second access code, such as a text sent to a verified cellphone. Though Jigsaw directs users to turn this on for Google accounts, most major rivals offer similar protections, too.
“This is as much an occasion to have a conversation about digital security as it is putting all the tools in one place,” Jigsaw spokesman Dan Keyserling said.
While the tools can be useful to a variety of groups and individuals, Jigsaw says it is focusing on elections because cyberattacks often increase against news organizations and election information sites around election time. In particular, Jigsaw wants to help sites deploy the tools ahead of the French presidential elections, which begin April 23.
The tools are free, though Project Shield is limited to news organizations, individual journalists, human-rights groups and election-monitoring organizations.
It’s not known whether the tools might have prevented some of the high-profile attacks in the past, including the theft of emails from Democratic Party computers during the 2016 U.S. presidential campaign. The tools do not directly address such break-ins, but they could help guard against password stealing, a common precursor to break-ins.
What makes a cyberattack? Experts lobby to restrict the term
Posted on March 28, 2017 by Raphael Satter
Michael Schmitt, a professor of law at the U.S. Naval War College and University of Exeter in England, poses for a picture at the Victory Services Club, in London, Friday, March 24, 2017. Schmitt is one of a disparate group of experts campaigning against the layperson definition of “cyberattack” that they argue can lead to dangerous diplomatic missteps. (AP Photo/Tim Ireland)
LONDON (AP) — When U.S. senator John McCain told Ukrainian television that the allegedly Russian-backed breach of the Democratic National Committee’s server was “an act of war,” Michael Schmitt cringed.
Schmitt, a professor of law at the U.S. Naval War College and University of Exeter in England, has spent years trying to defuse talk of cyberattacks, an expression used to describe everything from remotely disabling a city’s power grid to stealing a Facebook password. The concern, for Schmitt and others, is that overheated rhetoric could prompt dangerous diplomatic missteps.
“We’re very nervous when people say ‘cyberattack,’ because a ‘cyberattack’ opens the door to a state responding at very highest level of severity,” Schmitt said in a recent interview. “If there’s any area where we need to be careful, it’s this.”
Schmitt is one of a group of academics campaigning to change the language around electronic subterfuge. Their work on a recently published handbook, the Tallinn Manual 2.0, is meant to help policymakers to distinguish serious attacks from minor incidents. Other experts are directly lobbying journalists and politicians to moderate their tone.
“Words matter,” said Thomas Rid, who teaches at the Department of War Studies at King’s College London. “Words affect intelligence operations; words affect military operations; words affect the behavior of allies and enemies. And of course words shape what lawmakers think and what laws are made. So if we’re not precise, we’re literally escalating a problem.”
Professionals are trying to knock back talk of cyberattacks, too. When Oklahoma Senator Jim Inhofe described the massive data breach at the U.S. Office of Personnel Management as one of America’s “most damaging cyberattacks,” one of America’s top spymasters corrected him.
“I would say that this was espionage,” then-National Security Agency Director James Clapper said. “I think there is a difference between an act of espionage, which we conduct as well, and other nations do, versus an attack.”
The indiscriminate use of the word “cyberattack” can also tip the scales of justice, said attorney Jay Leiderman, who has represented a Who’s Who of American hackers. Two of the cases Leiderman has been involved in, activist Jeremy Hammond and gonzo journalist Barrett Brown, have featured stiff sentences meted out over alleged “cyber attacks.”
“It affects the ability to get a fair trial,” said Leiderman. “The person who screws around a little bit is getting the same type of charges and the same kind of media coverage as a state-sponsored actor.”
Some don’t think it’s necessary to crack down on the term.
Dieter Fleck, the honorary president of the International Society for Military Law, said it was generally fine to use the word “cyberattack” so long as it wasn’t confused with the much more serious category of intrusions formally known as “armed attacks.”
But Jake Davis, the ex-spokesman for the Lulz Security group of hackers, said journalists needed to articulate what was happening online without resorting to the word “cyberattack,” a verbal crutch which he said came “from a place of laziness.”
The Associated Press Stylebook is defining a cyberattack narrowly as something that causes “physical damage or significant and wide-ranging disruption.” The malicious code that allegedly wrecked Iran’s centrifuges would qualify. The daily drumbeat of leaks and breaches wouldn’t.
The Stylebook definition, announced Friday, was welcomed by Schmitt, who called it a “monumental step forward.”
Even those who worry that the misuse of the word “cyberattack” is too widespread to stop backed the move.
“It may be too late,” said Josephine Wolff, an associate of the Harvard Berkman Center for Internet & Society. “But I do think that there’s value in helping people making the distinction.”